Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/b80b47-a7bc-4eb4-8be6-b130bf76fe10/1/XQMAe3OCXqszglXzF-lDuX2NmPw.roa
File: XQMAe3OCXqszglXzF-lDuX2NmPw.roa (raw, json)
Hash identifier: zQHV3Kw3ll2/R6PbVpRjnCEemoBoDAGl7L3VXcFmKr8=
Subject key identifier: 5D:03:00:7B:73:82:5E:AB:33:82:55:F3:17:E9:43:B9:7D:8D:98:FC
Certificate issuer: /CN=4c7594b0214264f06677609bb4aa4779eb1eecad
Certificate serial: 2917A676
Authority key identifier: 4C:75:94:B0:21:42:64:F0:66:77:60:9B:B4:AA:47:79:EB:1E:EC:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/THWUsCFCZPBmd2CbtKpHeese7K0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/b80b47-a7bc-4eb4-8be6-b130bf76fe10/1/XQMAe3OCXqszglXzF-lDuX2NmPw.roa
Signing time: Sat 01 Jan 2022 04:56:49 +0000
ROA not before: Sat 01 Jan 2022 04:56:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 29263
IP address blocks: 217.68.49.65/32 maxlen: 32
217.68.48.0/28 maxlen: 28
217.68.58.0/24 maxlen: 24
217.68.56.0/21 maxlen: 21
217.68.61.0/24 maxlen: 24
217.68.60.0/24 maxlen: 24
217.68.48.124/30 maxlen: 30
217.68.49.75/32 maxlen: 32
217.68.48.144/29 maxlen: 29
217.68.49.208/29 maxlen: 29
217.68.49.85/32 maxlen: 32
217.68.48.128/30 maxlen: 30
217.68.48.160/27 maxlen: 27
217.68.48.0/20 maxlen: 20
217.68.48.0/21 maxlen: 21
217.68.51.0/24 maxlen: 24
217.68.50.0/24 maxlen: 24
217.68.48.252/32 maxlen: 32
217.68.48.253/32 maxlen: 32
217.68.49.93/32 maxlen: 32
217.68.49.216/29 maxlen: 29
2a02:2400::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 689415798 (0x2917a676)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4c7594b0214264f06677609bb4aa4779eb1eecad
Validity
Not Before: Jan 1 04:56:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5d03007b73825eab338255f317e943b97d8d98fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:45:b8:d7:ef:17:6d:3b:db:af:c9:56:ee:9d:
58:9a:75:f9:82:f5:6b:ae:9b:c4:2f:8b:7e:81:2c:
43:59:c9:4d:38:7d:19:32:75:49:f0:bf:83:ae:3c:
e1:7e:f6:3d:32:27:48:ab:b6:97:cd:85:dd:0a:34:
f3:88:1c:02:38:49:e4:1c:5f:6f:b4:ed:ce:77:c0:
e0:b1:a1:cd:14:2d:8b:fa:15:dd:fa:ae:54:ac:9b:
fa:28:db:2e:bb:1d:65:ed:63:b2:cc:de:2d:48:70:
d6:00:fe:2a:f9:6c:11:4a:77:8b:2f:50:80:2d:c1:
cb:60:8c:c3:6f:6e:30:d4:c0:a7:e5:77:fd:90:c6:
a4:08:92:24:e6:d5:9e:ee:84:0a:f8:10:47:f5:94:
f4:79:9e:8e:26:c5:ac:46:34:2f:72:cf:96:82:ee:
0c:17:e4:d5:48:de:59:00:7b:52:7e:f7:7b:52:69:
94:fa:dc:3a:47:02:ac:88:d0:f3:f1:3e:88:e9:c6:
a8:86:7c:5e:9e:75:84:8a:5c:2d:5e:5a:40:f4:e1:
19:c1:d7:62:60:ac:85:a2:97:b9:05:43:40:25:a2:
fc:f5:64:c0:f0:e4:ad:34:d2:d0:d6:97:6e:a9:ba:
20:28:2a:ab:7e:05:a2:b6:2a:2f:eb:64:7d:de:fb:
cb:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:03:00:7B:73:82:5E:AB:33:82:55:F3:17:E9:43:B9:7D:8D:98:FC
X509v3 Authority Key Identifier:
keyid:4C:75:94:B0:21:42:64:F0:66:77:60:9B:B4:AA:47:79:EB:1E:EC:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THWUsCFCZPBmd2CbtKpHeese7K0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/b80b47-a7bc-4eb4-8be6-b130bf76fe10/1/XQMAe3OCXqszglXzF-lDuX2NmPw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/b80b47-a7bc-4eb4-8be6-b130bf76fe10/1/THWUsCFCZPBmd2CbtKpHeese7K0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.68.48.0/20
IPv6:
2a02:2400::/32
Signature Algorithm: sha256WithRSAEncryption
0e:c7:82:fd:47:64:25:6d:32:b0:81:46:0e:a3:e9:71:7e:2e:
2a:e8:65:3f:e9:0c:2f:ef:81:3b:bf:51:f7:8d:c5:d0:e5:7a:
cf:73:9c:87:28:5b:96:bb:e6:b7:85:79:c6:b5:90:7e:98:4e:
42:f0:1f:78:2c:2b:f3:4b:1c:b9:82:03:e1:c2:38:05:e4:d7:
84:8f:77:f3:f5:e5:96:1e:40:e7:ca:97:7c:8b:16:dd:7f:fa:
d0:46:e9:4a:d6:dd:76:9b:0e:49:e5:e2:4c:1e:e6:70:40:39:
55:56:d8:0f:bf:ac:ef:e4:bc:ef:c4:88:a8:49:c4:ff:7a:dc:
a0:0e:0f:3a:68:99:07:0d:63:0d:2b:63:89:fa:ef:0a:81:1d:
31:50:f1:4c:05:ff:09:8d:9e:4b:9d:58:bb:6e:e1:d7:ef:93:
53:78:27:f4:31:0b:55:ec:35:60:35:f4:d8:49:e9:65:6f:ff:
7c:70:c3:68:26:84:ba:27:af:9e:c7:6a:39:c2:b1:45:88:31:
ec:1a:ce:b6:df:92:8e:c4:1b:90:f4:a6:78:b6:ce:c7:bc:70:
2f:c7:61:96:8f:e5:b6:f2:a8:f9:91:5f:f9:58:ee:22:9a:a0:
86:2c:06:b6:85:3b:05:60:2c:95:ef:33:26:85:4f:b6:8a:c5:
79:03:a0:08
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEKRemdjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
Yzc1OTRiMDIxNDI2NGYwNjY3NzYwOWJiNGFhNDc3OWViMWVlY2FkMB4XDTIyMDEw
MTA0NTY0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWQwMzAwN2I3Mzgy
NWVhYjMzODI1NWYzMTdlOTQzYjk3ZDhkOThmYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJBFuNfvF20726/JVu6dWJp1+YL1a66bxC+LfoEsQ1nJTTh9
GTJ1SfC/g6484X72PTInSKu2l82F3Qo084gcAjhJ5Bxfb7TtznfA4LGhzRQti/oV
3fquVKyb+ijbLrsdZe1jsszeLUhw1gD+KvlsEUp3iy9QgC3By2CMw29uMNTAp+V3
/ZDGpAiSJObVnu6ECvgQR/WU9HmejibFrEY0L3LPloLuDBfk1UjeWQB7Un73e1Jp
lPrcOkcCrIjQ8/E+iOnGqIZ8Xp51hIpcLV5aQPThGcHXYmCshaKXuQVDQCWi/PVk
wPDkrTTS0NaXbqm6ICgqq34ForYqL+tkfd77y7ECAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBRdAwB7c4JeqzOCVfMX6UO5fY2Y/DAfBgNVHSMEGDAWgBRMdZSwIUJk8GZ3
YJu0qkd56x7srTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RIV1VzQ0ZDWlBCbWQyQ2J0S3BIZWVzZTdLMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzgvYjgwYjQ3LWE3YmMtNGViNC04YmU2LWIxMzBiZjc2ZmUxMC8x
L1hRTUFlM09DWHFzemdsWHpGLWxEdVgyTm1Qdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgv
YjgwYjQ3LWE3YmMtNGViNC04YmU2LWIxMzBiZjc2ZmUxMC8xL1RIV1VzQ0ZDWlBC
bWQyQ2J0S3BIZWVzZTdLMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEBNlEMDANBAIAAjAHAwUAKgIkADAN
BgkqhkiG9w0BAQsFAAOCAQEADseC/UdkJW0ysIFGDqPpcX4uKuhlP+kML++BO79R
943F0OV6z3Ochyhblrvmt4V5xrWQfphOQvAfeCwr80scuYID4cI4BeTXhI938/Xl
lh5A58qXfIsW3X/60EbpStbddpsOSeXiTB7mcEA5VVbYD7+s7+S878SIqEnE/3rc
oA4POmiZBw1jDStjifrvCoEdMVDxTAX/CY2eS51Yu27h1++TU3gn9DELVew1YDX0
2EnpZW//fHDDaCaEuievnsdqOcKxRYgx7BrOtt+SjsQbkPSmeLbOx7xwL8dhlo/l
tvKo+ZFf+VjuIpqghiwGtoU7BWAsle8zJoVPtorFeQOgCA==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:26:25 2025 by rpki-client